DETAILED ACTION
Remarks 

1. In response to communications filed on 3-February-2005, claims 30, 33, 38, and 41 are
currently amended and claims 39 and 42 are cancelled per applicant's request. Claims 29-38,
40-41, and 43 are presently pending in the application.

2. In view of the examiner's amendment, authorized by the attorney of record, claims 38 
and 41 are amended. Claims 29-38, 40-41, and 43 are pending in the application. 

Examiner's Amendment 

3. An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview with 
Roger R. Wise on 01-March-2005 (see enclosed interview summary for details).

The application has been amended as follows. This listing of claims will replace all prior 
versions of the claims in the application. 



Claims 1-28 (cancelled). 

29. (currently amended) A method of generating and transmitting a private encryption
key, comprising: 

generating a public encryption key and a private encryption key at a client system; 
inputting a password and generating a random number; 

creating a random private key by exclusive-ORing the private key with the random 
number; 

generating a first hash value by hashing the password, a username, and a constant value; 

encrypting the random private key using the first hash value as an encryption key to 
create an encrypted random key; 

generating a second hash value by hashing the password, the username, and a second 
constant value; and 

transmitting the username, the second hash value, and the encrypted random key to a 
server for storage.

30. (previously presented) The method of claim 29, further including further 
authenticating a user at the server. 

31. (previously presented) The method of claim 30, wherein the method of authenticating
is using a biometric device. 

32. (previously presented) The method of claim 29, further including deleting the private 
encryption key from the client system. 



Application/Control Number: 09/672,496 
Art Unit: 2164 






33. (previously presented) The method of claim 29, further including deleting the 
constant value from the client system. 

34. (previously presented) A computer readable medium containing instructions for 
execution by a processor, the instructions, which when executed, cause the processor to: 

generate a public encryption key and a private encryption key at a client system, which 
includes the processor; 

receive a password and generate a random number; 

create a random private key by exclusive-ORing the private key with the random number; 

generate a first hash value by hashing the password, a username, and a constant value; 

encrypt the random private key using the first hash value as an encryption key to create 
an encrypted random key; 

generate a second hash value by hashing the password, the username, and a second 
constant value; and 

transmit the username, the second hash value, and the encrypted random key to a server 
for storage. 

35. (previously presented) The computer-readable medium of claim 34, including
instructions, which when executed causes the processor to delete the private encryption key from 
the client system. 

36. (previously presented) The computer-readable medium of claim 34, including
instructions, which when executed causes the processor to delete the constant value. 

37. (previously presented) The computer-readable medium of claim 34, including 
instructions, which when executed causes the processor to delete the second constant value. 

38. (currently amended) A method for retrieving a stored password, comprising: 
receiving a password and a username; 

generating a first hash value using the password, the username, and a first constant value;

generating a second hash value using the password, the username, and a second constant
value;

transmitting the second hash value and the username to a key server; 

receiving an encrypted random private key from the key server when the username and
the second hash value match a stored username value and a stored hash value; and

decrypting the encrypted random private key using the first hash value as an
encryption key to generate a random private key.

Claim 39 (cancelled). 

40. (previously presented) The method of claim 38, further including exclusive-ORing a 
random number with the random private key to generate a private key. 

41. (currently amended) A computer readable medium containing instructions for
execution by a processor, the instructions, which when executed, cause the processor to: 
receive a password and a username; 

generate a first hash value using the password, the username, and a first constant value;

generate a second hash value using the password, the username, and a second constant
value;

transmit the second hash value and the username to a key server; 

receive an encrypted random private key from the key server when the username and
the second hash value match a stored username value and a stored hash value; and 

decrypt the encrypted random private key using the first hash value as an encryption key 
to generate a random private key. 

Claim 42 (cancelled). 

43. (previously presented) The computer-readable medium of claim 41, including 
instructions, which when executed causes the processor to exclusive-OR a random number with 
the random private key to generate a private key. 
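
The storage method of claim 29 and the retrieval method of claims 38 and 40, worked through as an added Python example; it is not part of this office action or of the application. SHA-256, the keystream cipher, the two constants, the `KeyServer` class, the byte string standing in for the private key, and keeping the random number on the client are all assumptions, since the claims name no algorithms and do not say where the random number is held.

```python
import hashlib, hmac, secrets

C1, C2 = b"constant-1", b"constant-2"  # constructed first/second constant values

def hash3(password, username, constant):
    # Assumption: SHA-256 over length-prefixed fields, so field boundaries are unambiguous.
    d = hashlib.sha256()
    for part in (password, username, constant):
        d.update(len(part).to_bytes(4, "big") + part)
    return d.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_cipher(key, data):
    # Stand-in for the unspecified cipher: XOR with an HMAC-SHA256 counter keystream.
    # Symmetric (encrypts and decrypts), unauthenticated, illustration only.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(-(-len(data) // 32)))
    return xor(data, b"".join(blocks))

class KeyServer:
    # Hypothetical server: keeps only username, second hash and encrypted random key.
    def __init__(self):
        self.db = {}
    def store(self, username, h2, blob):
        self.db[username] = (h2, blob)
    def fetch(self, username, h2):
        rec = self.db.get(username)
        if rec is None or not hmac.compare_digest(rec[0], h2):
            return None  # no match: nothing is released
        return rec[1]

def enroll(server, username, password, private_key):
    r = secrets.token_bytes(len(private_key))      # the random number
    random_private_key = xor(private_key, r)       # claim 29: private key XOR random number
    h1 = hash3(password, username, C1)             # encryption key, never transmitted
    h2 = hash3(password, username, C2)             # verifier sent to the server
    server.store(username, h2, toy_cipher(h1, random_private_key))
    return r  # assumption: the random number stays with the client

def retrieve(server, username, password, r):
    h1 = hash3(password, username, C1)
    h2 = hash3(password, username, C2)
    blob = server.fetch(username, h2)              # claim 38: released only on a match
    if blob is None:
        return None
    return xor(toy_cipher(h1, blob), r)            # claim 40: undo the XOR
```

The server compares only the second hash and never receives the first, so the two constants are what keep the stored verifier from doubling as the decryption key. With a single fast hash, anyone holding the stored second hash can test password guesses offline, which is why a current design would put a salted password KDF in its place.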



Allowable Subject Matter

4. The following is an examiner's statement of reasons for allowance:

The prior art of record does not disclose, teach, or suggest the claimed limitations (in
combination with all other features of the claim): 

generating a first hash value by hashing the password, a username, and a constant value; 

encrypting the random private key using the first hash value as an encryption key to 
create an encrypted random key; 

generating a second hash value by hashing the password, the username, and a second 
constant value; and 

transmitting the username, the second hash value, and the encrypted random key to a 
server for storage as claimed in claim 29. 

The prior art of record does not disclose, teach, or suggest the claimed limitations (in 
combination with all other features of the claim): 

generate a first hash value by hashing the password, a username, and a constant value; 

encrypt the random private key using the first hash value as an encryption key to create 
an encrypted random key; 

generate a second hash value by hashing the password, the username, and a second 
constant value; and 

transmit the username, the second hash value, and the encrypted random key to a server 
for storage as claimed in claim 34. 

The prior art of record does not disclose, teach, or suggest the claimed limitations (in 
combination with all other features of the claim): 

generating a first hash value using the password, the username, and a first constant value;

generating a second hash value using the password, the username, and a second constant
value;

transmitting the second hash value and the username to a key server; 

receiving an encrypted random private key from the key server when the username and 
the second hash value match a stored username value and a stored hash value; and 

decrypting the encrypted random private key using the first hash value as an encryption 
key to generate a random private key as claimed in claim 38. 

The prior art of record does not disclose, teach, or suggest the claimed limitations (in 
combination with all other features of the claim): 

generate a first hash value using the password, the username, and a first constant value;

generate a second hash value using the password, the username, and a second constant
value;

transmit the second hash value and the username to a key server; 

receive an encrypted random private key from the key server when the username and the 
second hash value match a stored username value and a stored hash value; and 

decrypt the encrypted random private key using the first hash value as an encryption key 
to generate a random private key as claimed in claim 41.

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for
Allowance." 

Conclusion 

U.S. patent No. 6,230,269 B1 to Spies et al. for teaching construction of a public/private
key pair from key source material, the user ID, and the user password. 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jacob F. Betit whose telephone number is (571) 272-4075. The 
examiner can normally be reached on Monday through Friday 9 am to 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Dov Popovici can be reached on (571) 272-4083. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



jfb 



SAM RIMELL 
PRIMARY EXAMINER 




28 Feb 2005 



